Updated SSL Certificate needs deselection and then reselection of certicate

Discussion forum for Enterprise Edition.
Post Reply
KennetZed
Posts: 1
Joined: Thu Feb 01, 2018 9:13 am

Updated SSL Certificate needs deselection and then reselection of certicate

Post by KennetZed »

I'm not sure if this question is better placed in the developer section(?).

When our SSL certificate gets renewed (we use letsencrypt.org), i have to deselect, apply, reselect the SSL certificate in servers->localhost->properties and then restarting the appropriate services, for it to be able to function with the new one - even though it has the same name, and gets overwritten when it gets renewed. I guess MailEnable references it by other than name, as just restarting services from a script, doesn't do the trick.

Is there a smoother way than manual labor, to do this? I've scripted the reapplying of rights to the certificate, when it gets updated, but i need this last bit, to make it automatic.

if not - does the API contain ways of manipulation the applied SSL certificates? i don't seem to be able to find it in the documentation, but i might have overlooked something.

privateland
Posts: 62
Joined: Tue May 13, 2014 8:40 pm

Re: Updated SSL Certificate needs deselection and then reselection of certicate

Post by privateland »

Hi
Hope you don't mind me butting in on your thread, but I can't get as far as you with Letsencrypt.
I have created a standalone cert for the mail server, imported the .der file into my SSL store and pointed to it from Mailenable Enterpise 9.5.
Can't get the client to connect. IMPA log says there is an attempt at a 993 (non-ssl) connection.

Have I missed anything you didn't?

Regards
John

lweidig
Posts: 15
Joined: Thu Nov 14, 2013 8:19 pm

Re: Updated SSL Certificate needs deselection and then reselection of certicate

Post by lweidig »

We are having the exact same issue as KeenetZed when replacing the certificate. We have scripted the reset of this as well, but something is not replacing the pointer as he states. We need to get this resolved and would appreciate if MailEnable could let us know exactly where this configuration item is stored and how we are able to programatically replace it so this process can be fully automated.

It has caught us a number of times because when you look at it it looks good, it is simply not until you apply it again that it actually works.

lweidig
Posts: 15
Joined: Thu Nov 14, 2013 8:19 pm

Re: Updated SSL Certificate needs deselection and then reselection of certicate

Post by lweidig »

In our case this ended up being a permission issue on the private key for the newly imported certificate. Our entire process was written in Powershell for the management and we were able to use the article below for the needed commands to set the permissions:

https://stackoverflow.com/questions/400 ... powershell

The username is IME_SYSTEM and the permission that needs to be assigned is FullControl.

Also, thanks to MailEnable support for their assistance as well on this issue! Hope this helps somebody else with this problem.

Post Reply